Rainer M. Canavan wrote:
On Sep 30, 2014, at 19:16 , Hans-Georg Scherneck <h...@chalmers.se> wrote:
My site is bombarded by POST requests from a site identifying itself like
123.123.123.123.word.word.word.word
A "deny from" instruction with a string trying to match this in .htaccess does
not appear to work (though other abusers with simple IP's I can get barred this way).
You don't say where that sites identifies itself in such a manner. You should
not enable reverse lookups (i.e. HostnameLookups should be Off, possibly some
other settings), then the first column in your access.log should always be
the actual originating IP address of that request. If they are real spammers,
they have a botnet with lots of IPs in nearly as many locations and subnets.
rainer
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
Blocking from apache:
<Location />
Order Allow,Deny
Deny from <INSERT IP TO BLOCK HERE>
</Location>
You can block it at the network stack level too, this way apache does not even see the request, ex
on linux using iptables.
bye,
Frederik
I'm trying with <Location /> now.
HostnameLookups Off
has always been set.
My reply to Richard a minute ago included some incriminating access.log lines. Ever seen an address
like this before?
/Hans-Georg
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@httpd.apache.org
For additional commands, e-mail: users-h...@httpd.apache.org
